Sandbox submission feed, one record per block. The first line of each record carries the listing's trailing cells in the order the page gives them: ID | submitted | score | flag | count | source ("-" marks an empty cell).

45256 | 2024-06-12 09:56 | 3.0 | - | 21 | ZeroCERT
File: noncontrabandsVB1.ps1
MD5: 183df9ec9ef6dbd453bcee91c8939534
Tags: Generic Malware, Antivirus, VirusTotal, Malware, Check memory, Checks debugger, unpack itself, WriteConsoleW, Windows, ComputerName, Cryptographic key, crashed
URLs (1):
  https://www.dsestimation.com/wp-content/uploads/2015/10/causativenesszb.exe
Hosts: -
IDS alerts: -
45257 | 2024-06-12 09:56 | 3.0 | - | 26 | ZeroCERT
File: wizeninglYZn.ps1
MD5: e9c90b339939ce08b126a6f4e5a5cd5a
Tags: Generic Malware, Antivirus, VirusTotal, Malware, Check memory, Checks debugger, unpack itself, WriteConsoleW, Windows, ComputerName, Cryptographic key, crashed
URLs (1):
  https://lechiavetteusb.it/imgs/usb/logo/spiralitykSzkj.exe
Hosts: -
IDS alerts: -
45258 | 2024-06-12 10:06 | 2.8 | M | 36 | ZeroCERT
File: lionsareveryinterstingcharacte...
MD5: fe30d755f7243a16d47bf6f37b929cd2
Tags: MS_RTF_Obfuscation_Objects, RTF File, doc, VirusTotal, Malware, RWX flags setting, exploit crash, Exploit, crashed
URLs: -
Hosts: -
IDS alerts: -
45259 | 2024-06-12 10:09 | 4.2 | M | 33 | ZeroCERT
File: entirethingscleantogetlionsisa...
MD5: 1ea13f7866b6cdb3407f6c7e72857b99
Tags: MS_RTF_Obfuscation_Objects, RTF File, doc, VirusTotal, Malware, Malicious Traffic, RWX flags setting, exploit crash, Tofsee, Exploit, DNS, crashed
URLs (2):
  http://192.210.150.29/xampp/ebm/flowersandlionsbothgreatattitudeimage.bmp
  https://paste.ee/d/CJwKy
Hosts (3):
  paste.ee(172.67.187.200) - mailcious
  172.67.187.200 - mailcious
  192.210.150.29 - malware
IDS alerts (2):
  ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
45260 | 2024-06-12 10:11 | 4.6 | M | 37 | ZeroCERT
File: sevendaytounderstamndhowmuchsw...
MD5: c272b9af2086b381b4e4fc7328897cf4
Tags: MS_RTF_Obfuscation_Objects, RTF File, doc, VirusTotal, Malware, Malicious Traffic, buffers extracted, RWX flags setting, exploit crash, Tofsee, Exploit, DNS, crashed
URLs (2):
  http://192.3.243.156/sparetuesdayparttss.png
  https://paste.ee/d/PFErN
Hosts (3):
  paste.ee(104.21.84.67) - mailcious
  104.21.84.67 - malware
  192.3.243.156 - mailcious
IDS alerts (2):
  ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
45261 | 2024-06-12 10:13 | 3.2 | - | 58 | ZeroCERT
File: causativenesszb.exe
MD5: d00c83d7c1ab5910961439e14bb3032f
Tags: Generic Malware, ASPack, Malicious Library, UPX, PE32, PE File, OS Processor Check, VirusTotal, Malware, Cryptocurrency wallets, Cryptocurrency, Check memory, unpack itself, ComputerName
URLs: -
Hosts: -
IDS alerts: -
45262 | 2024-06-12 10:13 | 1.4 | M | 29 | ZeroCERT
File: Update.exe
MD5: 41ba5678a81003f4f12cfda4c800f61f
Tags: Generic Malware, Malicious Library, Malicious Packer, UPX, PE32, PE File, OS Processor Check, VirusTotal, Malware
URLs: -
Hosts: -
IDS alerts: -
45263 | 2024-06-12 10:24 | 9.2 | - | 25 | ZeroCERT
File: 부가가치세 수정신고 안내(부가가치세사무처리규정).hwp... (Korean: "Guidance on amended VAT returns (VAT administrative processing regulations)")
MD5: 0777cbcc96dd9a2d4319a4bf9404bba7
Tags: Generic Malware, Malicious Library, HWP, PS, PostScript, Antivirus, AntiDebug, AntiVM, Lnk Format, GIF Format, PowerShell, CAB, PE32, PE File, MSOffice File, JPEG Format, Malware download, VirusTotal, Malware, Campaign, powershell, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, Creates shortcut, Creates executable files, unpack itself, Windows utilities, suspicious process, WriteConsoleW, Konni, Windows, ComputerName, Cryptographic key
URLs (3):
  http://sibbss.com/upload.php
  http://sibbss.com/list.php
  https://radionaranjalstereo.com/wp-content/themes/ai-news/js/inc/get.php?ra=iew&zw=lk0100
Hosts (2):
  sibbss.com(176.97.64.174)
  176.97.64.174
IDS alerts (1):
  ET MALWARE [ANY.RUN] Konni.APT Exfiltration
45264 | 2024-06-12 11:14 | 2.4 | M | 61 | ZeroCERT
File: 0eb413efb152de726ad9cdb8927e93...
MD5: 1adeea63d576dea9add98e01e9fe78b4
Tags: Malicious Library, Antivirus, .NET framework(MSIL), .NET EXE, PE32, PE File, VirusTotal, Malware, Check memory, Checks debugger, unpack itself, Check virtual network interfaces
URLs: -
Hosts: -
IDS alerts: -
45265 | 2024-06-12 13:25 | 7.0 | - | - | ZeroCERT
File: bas.bat
MD5: c3d227e82f84533c2918a6239b99ff2d
Tags: Generic Malware, Downloader, Antivirus, Create Service, Socket, DGA, Http API, ScreenShot, Escalate priviledges, Steal credential, PWS, Sniff Audio, HTTP, DNS, Code injection, Internet API, FTP, KeyLogger, P2P, AntiDebug, AntiVM, PNG Format, MSOffice File, JPEG Format, powershell, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, Creates shortcut, RWX flags setting, exploit crash, unpack itself, Windows utilities, powershell.exe wrote, suspicious process, WriteConsoleW, Tofsee, Windows, Exploit, ComputerName, Cloudflare, DNS, Cryptographic key, crashed
URLs (2):
  http://apps.identrust.com/roots/dstrootcax3.p7c
  https://stocks-army-malta-false.trycloudflare.com/qfv0ao.zip
Hosts (4):
  stocks-army-malta-false.trycloudflare.com(104.16.231.132)
  61.111.58.34 - malware
  61.111.58.16 - suspicious
  104.16.230.132 - mailcious
IDS alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)
45266 | 2024-06-12 15:17 | 4.2 | M | - | ZeroCERT
File: fb34_gate2.rar
MD5: a229ecb9458451d9691f269857aec75d
Tags: Escalate priviledges, PWS, KeyLogger, AntiDebug, AntiVM, Malware download, Cryptocurrency Miner, Malware, Telegram, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, Creates executable files, unpack itself, IP Check, Tofsee, Windows, Discord, RisePro, DNS, CoinMiner
URLs (8):
  http://5.42.66.10/download/th/space.php - rule_id: 39944
  http://5.42.99.177/api/crazyfish.php - rule_id: 40006
  http://apps.identrust.com/roots/dstrootcax3.p7c
  http://5.42.99.177/api/twofish.php - rule_id: 40008
  http://88.218.93.76/d/385135
  http://5.42.66.10/download/123p.exe - rule_id: 39935
  https://db-ip.com/demo/home.php?s=
  https://steamcommunity.com/profiles/76561199698764354
Hosts (36):
  db-ip.com(104.26.4.15)
  pool.hashvault.pro(125.253.92.50) - mailcious
  cdn-download.avgbrowser.com(23.1.236.116)
  api64.ipify.org(104.237.62.213)
  bitbucket.org(104.192.141.1) - malware
  api.myip.com(172.67.75.163)
  steamcommunity.com(104.106.57.101) - mailcious
  iplogger.org(104.21.4.208) - mailcious
  t.me(149.154.167.99) - mailcious
  ipinfo.io(34.117.186.192)
  lop.foxesjoy.com(172.67.159.232) - malware
  cdn.discordapp.com(162.159.135.233) - malware
  vk.com(87.240.132.78) - mailcious
  raw.githubusercontent.com(185.199.108.133) - malware
  104.71.154.102
  182.162.106.33 - malware
  104.26.5.15
  104.21.4.208
  147.45.47.126 - mailcious
  185.199.111.133 - mailcious
  34.117.186.192
  149.154.167.99 - mailcious
  95.217.135.112
  162.159.130.233 - malware
  104.21.66.124 - malware
  104.237.62.213
  77.91.77.80 - malware
  5.42.66.10 - malware
  104.192.141.1 - mailcious
  121.254.136.9
  125.253.92.50
  5.42.99.177 - mailcious
  104.26.9.59
  23.33.184.247
  88.218.93.76
  87.240.132.72 - mailcious
IDS alerts (24):
  ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
  ET INFO TLS Handshake Failure
  SURICATA Applayer Mismatch protocol both directions
  ET INFO Observed Discord Domain (discordapp .com in TLS SNI)
  ET DROP Spamhaus DROP Listed Traffic Inbound group 1
  ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com)
  ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
  ET INFO Executable Download from dotted-quad Host
  ET HUNTING Redirect to Discord Attachment Download
  ET INFO Packed Executable Download
  ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  ET INFO EXE - Served Attached HTTP
  ET POLICY IP Check Domain (iplogger .org in DNS Lookup)
  ET POLICY IP Check Domain (iplogger .org in TLS SNI)
  ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)
  ET INFO Observed Telegram Domain (t .me in TLS SNI)
  ET DROP Spamhaus DROP Listed Traffic Inbound group 23
  ET MALWARE RisePro TCP Heartbeat Packet
  ET MALWARE [ANY.RUN] RisePro TCP (Token)
  SURICATA Applayer Wrong direction first Data
Rule-matched URLs (4):
  http://5.42.66.10/download/th/space.php
  http://5.42.99.177/api/crazyfish.php
  http://5.42.99.177/api/twofish.php
  http://5.42.66.10/download/123p.exe
45267 | 2024-06-12 17:05 | 1.2 | - | 37 | r0d
File: jquery.min.js
MD5: 41ce2a4359cc224772c6e32eae0a6013
Tags: VirusTotal, Malware, crashed
URLs: -
Hosts: -
IDS alerts: -
45268 | 2024-06-13 10:36 | 12.0 | M | 32 | ZeroCERT
File: setup.exe
MD5: 175fcc55a11bbd0bd69c5dab9cba90c3
Tags: Generic Malware, Malicious Library, Antivirus, AntiDebug, AntiVM, PE32, PE File, PowerShell, VirusTotal, Malware, powershell, suspicious privilege, Code Injection, Check memory, Checks debugger, WMI, Creates shortcut, Creates executable files, RWX flags setting, unpack itself, Windows utilities, Disables Windows Security, Checks Bios, powershell.exe wrote, suspicious process, WriteConsoleW, anti-virtualization, Windows, ComputerName, Cryptographic key
URLs: -
Hosts: -
IDS alerts: -
45269 | 2024-06-13 11:38 | 7.0 | - | 38 | ZeroCERT
File: DIP.exe
MD5: 3f02a2516380a49f81ae8e15e7f548cc
Tags: Process Kill, Generic Malware, Suspicious_Script_Bin, Malicious Library, FindFirstVolume, CryptGenKey, UPX, Device_File_Check, PE32, PE File, OS Processor Check, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, IP Check, Tofsee, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, Software, crashed
URLs: 1 (none listed on the page)
Hosts (2):
  api.ipify.org(104.26.13.205)
  104.26.13.205
IDS alerts (3):
  ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
  ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
45270 | 2024-06-13 11:40 | 5.8 | - | 35 | ZeroCERT
File: %E8%A1%A8%E6%A0%BC%E7%9B%AE%E5... (percent-encoded filename, truncated)
MD5: 2e956653703d1fa9a23d6c9d23d53ee3
Tags: Emotet, Gen1, Generic Malware, Malicious Library, Malicious Packer, UPX, Downloader, Antivirus, PE32, PE File, OS Processor Check, DLL, MZP Format, BMP Format, VirusTotal, Malware, Check memory, Creates shortcut, Creates executable files, AntiVM_Disk, sandbox evasion, VM Disk Size Check, Browser, ComputerName, Remote Code Execution, DNS, crashed
URLs: -
Hosts: 1 (none listed on the page)
IDS alerts: -
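The records above carry their indicators in three free-text cells (URLs with an optional "rule_id", hosts written as "domain(ip) - verdict" or "ip - verdict", and Suricata signature names run together). As an added example, not code from the feed, from ZeroCERT or from the sandbox behind the listing, the following Python parses exactly that cell syntax into deduplicated, defanged IOC lists that can be pasted into a ticket or blocklist without auto-linking. The sample cells embedded in it are copied from records 45259 and 45266; the feed's own spelling of the verdict label ("mailcious") is kept verbatim because that is what the parser has to match.

```python
"""Parse the URL, host and IDS-alert cells of one feed record into defanged IOC sets.

Added example; not code from the feed, ZeroCERT or the sandbox that produced the
listing.  It assumes only the three cell formats visible in the records above:
  hosts  : "domain(ip) - verdict" or "ip - verdict", verdict optional, space separated
  URLs   : "url - rule_id: NNNN", rule_id optional, space separated
  alerts : signature names run together, each starting "ET <CLASS>", "SSLBL:" or "SURICATA"
"""
import json
import re
from dataclasses import dataclass
from typing import Optional

# Verdict labels exactly as the feed spells them ("mailcious" is the feed's own spelling).
VERDICTS = ("malware", "mailcious", "suspicious")


@dataclass(frozen=True)
class Host:
    name: Optional[str]     # domain, or None when the cell gives only an IP
    ip: str
    verdict: Optional[str]  # one of VERDICTS, or None when the feed attached no label


@dataclass(frozen=True)
class Url:
    url: str
    rule_id: Optional[int]  # the feed's "rule_id" when the URL matched one of its rules


IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
HOST_RE = re.compile(
    rf"(?:(?P<name>[A-Za-z0-9.-]+)\((?P<ip1>{IPV4})\)"   # domain(ip)
    rf"|(?<![\d.])(?P<ip2>{IPV4})(?![\d.]))"             # bare ip, not a fragment of a longer one
    rf"(?:\s*-\s*(?P<verdict>{'|'.join(VERDICTS)}))?"    # optional " - verdict"
)
URL_RE = re.compile(r"(?P<url>https?://\S+)(?:\s*-\s*rule_id:\s*(?P<rule>\d+))?")
# Signature names are concatenated with single spaces; cut just before each new signature prefix.
ALERT_SPLIT_RE = re.compile(r"\s+(?=(?:ET [A-Z]+ |SSLBL: |SURICATA ))")


def parse_hosts(cell: str) -> list[Host]:
    return [Host(m["name"], m["ip1"] or m["ip2"], m["verdict"]) for m in HOST_RE.finditer(cell)]


def parse_urls(cell: str) -> list[Url]:
    return [Url(m["url"], int(m["rule"]) if m["rule"] else None) for m in URL_RE.finditer(cell)]


def parse_alerts(cell: str) -> list[str]:
    cell = cell.strip()
    return ALERT_SPLIT_RE.split(cell) if cell else []


def defang(indicator: str) -> str:
    """http -> hxxp and '.' -> '[.]' in the host part, so the IOC cannot be clicked or auto-linked."""
    m = re.fullmatch(r"(https?)://([^/?#]+)(.*)", indicator, re.DOTALL)
    if m:
        scheme, host, rest = m.groups()
        return f"{scheme.replace('http', 'hxxp')}://{host.replace('.', '[.]')}{rest}"
    return indicator.replace(".", "[.]")


def record_iocs(urls: str, hosts: str, alerts: str) -> dict:
    """Collapse one record's three cells into deduplicated, defanged indicator lists."""
    host_list, url_list, alert_list = parse_hosts(hosts), parse_urls(urls), parse_alerts(alerts)
    # An IP that appears both bare and inside domain(ip) is flagged if either entry carries a verdict.
    flagged = {h.ip for h in host_list if h.verdict} | {h.name for h in host_list if h.name and h.verdict}
    return {
        "domains": sorted({defang(h.name) for h in host_list if h.name}),
        "ips": sorted({defang(h.ip) for h in host_list}),
        "flagged": sorted(defang(x) for x in flagged),
        "urls": [defang(u.url) for u in url_list],
        "rule_ids": [u.rule_id for u in url_list if u.rule_id is not None],
        "alerts": alert_list,
        "et_classes": sorted({a.split()[1] for a in alert_list if a.startswith("ET ")}),
    }


# Sample cells copied from records 45259 and 45266 in the listing above.
RECORD_45259 = dict(
    urls="http://192.210.150.29/xampp/ebm/flowersandlionsbothgreatattitudeimage.bmp https://paste.ee/d/CJwKy",
    hosts="paste.ee(172.67.187.200) - mailcious 172.67.187.200 - mailcious 192.210.150.29 - malware",
    alerts="ET POLICY Pastebin-style Service (paste .ee) in TLS SNI "
           "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)",
)
URLS_45266 = (
    "http://5.42.66.10/download/th/space.php - rule_id: 39944 "
    "http://5.42.99.177/api/crazyfish.php - rule_id: 40006 "
    "http://apps.identrust.com/roots/dstrootcax3.p7c "
    "http://5.42.99.177/api/twofish.php - rule_id: 40008 "
    "http://88.218.93.76/d/385135 "
    "http://5.42.66.10/download/123p.exe - rule_id: 39935 "
    "https://db-ip.com/demo/home.php?s= "
    "https://steamcommunity.com/profiles/76561199698764354"
)

if __name__ == "__main__":
    print(json.dumps(record_iocs(**RECORD_45259), indent=2))
    print([u.rule_id for u in parse_urls(URLS_45266)])
```

The host regex keeps the domain and its resolved IP as one entry so that the verdict the feed attached ("- mailcious", "- malware") stays bound to both; the bare-IP alternative is fenced with lookarounds so a four-octet run is never picked out of a longer dotted string. The alert splitter relies only on the three prefixes that every signature on this page begins with, so a new ET class (for instance "ET HUNTING") is handled without changes, while a name that starts with anything else would be glued to its predecessor and show up as a count mismatch against the record's alert count.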